This invention is related to business application services that utilize the concepts of social networking such as establishing connections between people of a network. The business services may be any business application services, including but not being limited to electronic commerce systems, e.g. electronic invoicing, purchase ordering and contract lifecycle management. Yet further, the invention is applicable to multitenant systems dealing with business transactions where each transaction has a plurality of stakeholding parties, e.g. a sender and a receiver. Still yet further, the invention may be applicable to service execution platforms acting as an execution environment for a plurality of services for the transactions.
Today, social networks have grown to a popular class of web services. In such systems, access to data is controlled by the owner of the data, i.e. an individual user. Another class of web services gaining popularity today are multitenant data management systems dealing with business data, i.e. data owned by organizations instead of individuals. In such systems, access rights are typically managed by an administrative function using e.g. a suitable role-based access control solution.
A need is arising to utilize ideas familiar from social networks in business services that deal with data owned by business organizations. The prior art methods of controlling services' access to data are not suitable in such systems. On one hand, the known access control methods of social networks are not applicable as they require an individual user to own the data. On the other hand, the traditional access control methods of business application services are not practical as they require extensive amount of administrative work, e.g. in the form of frequent management of organizational structures and users' positions and roles in organizations.
There thus exist various problems in controlling business application service providers' access to data owned by business organizations in a multitenant service execution and/or data management platform. Especially there is a need to ensure that access of a third party, e.g. a service provider, to data owned by a business organization is managed in a simple and reliable manner. Also, improvements in the area of reducing the administrative burden of business systems would be greatly appreciated.
It is an object of the present invention to provide a third party access authorization method and arrangement for a service platform that uses a multitenant data management system. It is desirable that at least some of the above mentioned issues left open in the prior art solutions are addressed by some preferred embodiments of the invention.